esx4 patch management guide

8/6/2019 ESX4 Patch Management Guide

1/24

ESX 4 Patch Management GuideESX 4.0

EN-000137-00


2/24

VMware, Inc.

3401 Hillview Ave.Palo Alto, CA 94304www.vmware.com

2 VMware, Inc.

ESX 4 Patch Management Guide

You can find the most up-to-date technical documentation on the VMware Web site at:

http://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

[email protected]

2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual propertylaws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents .

VMware, the VMware boxes logo and design, Virtual SMP, and VMotion are registered trademarks or trademarks ofVMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarksof their respective companies.
http://www.vmware.com/supportmailto:[email protected]://www.vmware.com/go/patentshttp://www.vmware.com/go/patentshttp://www.vmware.com/supporthttp://www.vmware.com/support/mailto:[email protected]


3/24

VMware, Inc. 3

Contents

About

This

Book 5

1 AboutPatchesandUpdates 7AbouttheesxupdateUtility 7

PatchMaintenanceStrategy 8

CustomizingYourPatchProcess 9

2 InstallingUpdates 11BundleZipFiles 11

ScanningforApplicableBulletins 11

RetrievingBulletinInformation 12

VerifyingDiskSpace 13

StaginganInstallation 13

InstallingBulletins 14

InstallBulletinsonanESX4.0Host 15

3 ReferenceInformation 17esxupdateOptionsandCommands 17

esxupdateCommands 18

esxupdateExitCodesandErrorMessages 19

FrequentlyAskedQuestions 20

4 ESXPatchManagementTools 21AboutVMwarevCenterUpdateManager 21

AboutvSphereHostUpdateUtility 21

AboutvihostupdatevSphereCLI 21

Index 23


4/24


4 VMware, Inc.


5/24

VMware, Inc. 5

Thisbook,ESX4PatchManagementGuide,providesbackgroundinformationonprocessingpatchesforESX4.0hostsanddescribeshowtousetheesxupdateutilitytoapplysoftwareupdatesandtotracksoftware

installedonESX4.0hosts.

ThisbookprovidesinformationspecifictoESX4.0hostsandtheesxupdateutility.Itdoesnotdiscussthe

following:

HowtopatchESX4.0hostsautomaticallywiththeVMwareUpdateServiceandtheVMwarevCenter

UpdateManager.Forinformationonthesetools,seeESXPatchManagementToolsonpage 21.

HowtopatchESXi4.0hostswiththevihostupdatevSphereCommandLineInterface(CLI).For

informationonvihostupdate,seeESXPatchManagementToolsonpage 21.

HowtopatchversionsofESXreleasedpriortoversion4.0.Forinformationonthisprocess,seethePatchManagementforESXServerstechnoteandtheESXServer3PatchManagementGuide.

HowtoupgradeESXhosts.Forinformationonupgrading,seethevSphereUpgradeGuide.ForalistofVMwarereleasedefinitions,seetheVMwareUpgradeandUpdatePolicybygoingtohttp://www.vmware.com/support/policies/upgrade.html.

Intended Audience

ThismanualisintendedforanyonewhomustmanuallyapplypatchestoESX4.0hosts.Theinformationin

thismanualiswrittenforsystemadministratorswhouseaserviceconsoletomanageESXhosts.

Whats Changed from ESX 3.x

ThismanualhasbeenupdatedfromtheESXServer3PatchManagementGuidetoincludenewdefinitionsand

proceduresthatareuniquetoESX4.0.

Document Feedback

VMwarewelcomesyoursuggestionsforimprovingourdocumentation.Ifyouhavecomments,sendyour

feedbackto:

[email protected]

VMware vSphere Documentation

TheVMwarevSpheredocumentationconsistsofthecombinedvCenterServerandESXdocumentationset.

About This Book
http://www.vmware.com/support/policies/upgrade.htmlhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfmailto:[email protected]://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdfhttp://www.vmware.com/support/policies/upgrade.htmlmailto:[email protected]


6/24


6 VMware, Inc.

Technical Support and Education Resources

Thefollowingsectionsdescribethetechnicalsupportresourcesavailabletoyou.Youcanaccessthemost

currentversionsofthismanualandotherbooksbygoingto:

http://www.vmware.com/support/pubs

Online and Telephone Support

Useonlinesupporttosubmittechnicalsupportrequests,viewyourproductandcontractinformation,and

registeryourproducts.Gotohttp://www.vmware.com/support.

Customerswithappropriatesupportcontractsshouldusetelephonesupportforthefastestresponseon

priority1issues.Gotohttp://www.vmware.com/support/phone_support.

Support Offerings

FindouthowVMwaresupportofferingscanhelpmeetyourbusinessneeds.Goto

http://www.vmware.com/support/services.

VMware Education Services

VMwarecoursesofferextensivehandsonlabs,casestudyexamples,andcoursematerialsdesignedtobeused

asonthejobreferencetools.FormoreinformationaboutVMwareEducationServices,goto

http://mylearn1.vmware.com/mgrreg/index.cfm.
http://www.vmware.com/support/pubshttp://www.vmware.com/supporthttp://www.vmware.com/support/phone_support.htmlhttp://www.vmware.com/support/serviceshttp://mylearn1.vmware.com/mgrreg/index.cfmhttp://mylearn1.vmware.com/mgrreg/index.cfmhttp://mylearn1.vmware.com/mgrreg/index.cfmhttp://mylearn1.vmware.com/mgrreg/index.cfmhttp://www.vmware.com/support/serviceshttp://www.vmware.com/support/phone_support.htmlhttp://www.vmware.com/supporthttp://www.vmware.com/support/pubs


7/24

VMware, Inc. 7

1

Softwarepatchesprovideimmediatefixesforoneormoresecurityissuesorcriticalfixesforaspecificareaof

theproduct.Forinformationaboutaspecificpatch,gototheVMwarevSphereDownloadCenterat

http://www.vmware.com/download/vi.

Typesofsoftwareupdatesandrelatedterms:

Bulletin.A

grouping

of

one

or

more

VIBs

(vSphere

Installation

Bundle).

Bulletins

are

defined

within

metadata.

Depot.AlogicalgroupingofVIBsandassociatedmetadatathatispublishedonline.

Extension.AbulletinthatdefinesagroupofVIBsforaddinganoptionalcomponenttoaESXhost.An

extensionisusuallyprovidedbyathirdparty,asarepatchesorupdatestotheextension.

Metadata.Extradatathatdefinesdependencyinformation,textualdescriptions,systemrequirements

andbulletins.

OfflineBundlezip.AnarchivethatencapsulatesVIBsandcorrespondingmetadatainaselfcontained

depotthatisusefulforofflinepatching.

Patch.AbulletinthatgroupsoneoremoreVIBstogethertoaddressaparticularissueorenhancement.

Rollup.Acollectionofpatchesthatisgroupedforeaseofdownloadanddeployment.

RPM.Binarypackagesthatincludeasetofcontrolscripts,whichprovideinformationfortheRPMabout

howtoinstallthepackageandanypostinstallationconfigurationthatisneeded.

Update.AperiodicreleaseofanESXimage,whichcontainsmultiplefixesandsupportfornewhardware.

VIB.AVIBisasinglesoftwarepackage.

Patchesdonothaveinstallationwizards.Youinstallthemwithapatchupdatetool.Thepatchupdatetoolfor

ESX4.0hostsisesxupdate.ForinformationaboutpatchupdatetoolsforotherESXversions,seeESXPatchManagementToolsonpage 21.

About the esxupdate Utility

Youusethepatchmaintenanceutility,esxupdate,toretrieveinformationaboutupdatesandextensionsfromVMwareandthirdparties,totrackinstalledsoftware,andtoapplysoftwarepackagestoESX4.0hosts.You

runesxupdatefromtheserviceconsolewhileyouareloggedontoanESX4.0hostasuserroot.Youcanrun

onlyoneinstanceatatimeonthesameESX4.0host.

Arecordofeachinstalledbulletiniswrittentothe/etc/vmware/esxupdatedirectoryonthehost.Therecord

includesthebulletinID,theinstallationtime,theVIBsinstalled,andotherdetails.Thisdirectoryactsasa

patchdatabaseandisusedbyesxupdatetoquerythepatchesinstalledonthehost.

About Patches and Updates 1

CAUTION Thisdirectoryisreadonly.Ifyouchangethecontents,whenesxupdateperformsanintegrity

check,itwillfailforthechangedfiles.Insuchcases,esxupdateexitswithanIntegrityErrormessage.Formore

information,seeesxupdateExitCodesandErrorMessagesonpage 19.
http://www.vmware.com/downloadhttp://www.vmware.com/download


8/24


8 VMware, Inc.

ForESX4.0hosts,therearefourbasicmodesofesxupdate:Inspectionmode,scanmode,testmode,and

updatemode.

Inspectionmode.Queriesyoursystemforbulletinsandbulletindetails.Youusetwocommandstoretrievebulletininformation:esxupdatequeryandesxupdateinfo.

UsetheesxupdatequerycommandtodisplayalistofbulletinsinstalledonESX4.0host.Theoutput

liststhebulletinsinascendinginstallationorderandincludesthebulletinname,installationdate,and

a40charactersummaryofthebulletin.Allbulletinsthatareinstalledarelisted.Bulletinsthatare

supersededbyanotherbulletinareconsideredobsoleteandarenotdisplayedinthisoutput.

Usetheesxupdateinfocommandtodisplayinformationonthecontentsofoneormorebulletins.

Theoutputincludesthebulletinname,releasedate,anddetailsaboutthemetadatafiles,including

theVIBpackagesthatarepartofthebulletin.

Youcanusetheinfocommandforbothinstalledanduninstalledbulletins.Formoreinformation,

seeRetrievingBulletinInformationonpage 12.

Scanmode.DetermineswhichbulletinsareapplicabletotheESX4.0hostbyqueryingthebulletinsinadepotandthebulletinsinstalledonthehostforbulletinandsystemdependencies.Usetheesxupdate

scancommandbeforeyouinstallbulletinstodeterminewhichonesareapplicabletothehost.Formore

information,seeScanningforApplicableBulletinsonpage 11.

Testmode.Enablesesxupdatetogothroughallinstallationoperationswithoutinstallingthespecifiedbulletins.Testmodedownloadstheappropriatefiles,preloadstheesxupdatedepotcacheforHTTPand

FTPservers,checksforRPMpackagedependencies,anddetermineswhichRPMstoinstall.Formore

information,seeStaginganInstallationonpage 13.

Updatemode.InstallsbulletinsonESX4.0hosts.Usetheesxupdateupdatecommandtoinstallindividualbulletins,abundlezip,oranonlinedepot.Updatemodescansthedepotfordependenciesand

handlesthem,ifpossible,beforeinstalling.Formoreinformation,seeInstallBulletinsonanESX4.0

Hostonpage 15.

Forinformationonesxupdatesyntaxandcommands,seeesxupdateOptionsandCommandsonpage 17

Patch Maintenance StrategyUsethefollowingguidelinestomanagepatchingforyourESX4.0hosts.

Keepyourenvironmentascurrentaspossible.Determinewhetheranybulletinsarenecessaryforyour

environmentandapplythosebulletins.Minimizethechangetoyoursoftwareenvironmentwhenever

possible.Formoreinformationondeterminingbulletinapplicability,seeScanningforApplicable

Bulletinsonpage 11.

Analyzetheriskfactorofapplyingthebulletin.Forexample,assessthevirtualmachineandESX4.0host

downtimerequirements.Thescancommandprovidestheinformationyouneedtoanalyzerisksand

serverdowntime.

Downloadandinstallrollupsratherthanindividualbulletins.Thismethodsavesyoudownloadtime

andensures,whendependenciesexist,thatyourdepotcontainsallnecessarybulletins.

Foramultihostenvironment,setuppatchdepotsonacentralizedserverthatisaccessiblebyallESXhosts.

CreateaseparatedepotforeachESXversioninyourenvironment.Althoughyoucanputdepotsonan

ESXhost,VMwaredoesnotrecommendit.


9/24

VMware, Inc. 9

Chapter 1 About Patches and Updates

Customizing Your Patch Process

Youcanwritecustomscriptstoautomateyourpatchprocess.Forexample,youcancreateacronjobto

periodicallydownloadrollupstoadepot.Youcanwriteascripttoscanthedepotforapplicablebulletinsand

installallatonetime.Ifduringthescanoperation,esxupdatefindsabulletinthatrequiresvirtualmachines

tobepoweredoff,youcanwriteascriptthatputsthemintomaintenancemode.

IfyouusecustomscriptstoautomatetheESX3patchprocess,youmustupdatethemtoworkwithESX4.0.

Specifically,upgrade

your

scripts

to

use

the

esxupdate -m option

to

point

to

the

depot

and

to

install

multiple

bulletinsatonetime.


10/24


11/24


12/24


12 VMware, Inc.

To scan for applicable bulletins

1 LogintotheserviceconsoleontheESX4.0hostasuserroot.

IfyoudonothavedirectaccesstotheESX4.0host,connectremotelytotheserviceconsoleusingssh.

2 IfthedepotisnotontheESX4.0host,typethefollowingcommandtoenableanoutgoingconnectionfor

theserviceconsole.

esxcfg-firewall --allowOutgoing

3 Runtheesxupdatescancommand.

Toscanapplicablebulletinsinadepot:

esxupdate -m scan

Toscanforapplicablebulletinsinabundlezip:

esxupdate --bundle scan

Tolistallthebulletinsregardlessofapplicabilityorsoftwareplatform,addthe--all / -aoption.

4 Whenyouaredoneaccessingthedepot,resettheserviceconsolefirewalltohighsecurity:

esxcfg-firewall --blockOutgoing

Forinformationonscanning,seeScanningforApplicableBulletinsonpage 11.Forinformationon

esxupdatesyntaxandcommands,seeesxupdate scanonpage 18.

Retrieving Bulletin Information

Theesxupdatequeryandesxupdateinfocommandsretrieveinformationaboutinstalledbulletinsand

bulletinsthatareinadepotorbundlezip.

To retrieve information about installed bulletins

1 Fromtheserviceconsole,logontotheESX4.0hostasuserroot.


2 Runtheesxupdatequeryorinfocommand.

Toretrieveabriefsummaryofallinstalledbulletins:

esxupdate query

Thiscommandlistsallinstalledbulletinsinascendinginstallationorderandincludestheinstallation

dateandabriefsummaryforeachbulletin.

Toretrievedetailsaboutbulletinsreturnedbythequery:

esxupdate -b -b info

Forinformationonesxupdatesyntaxandcommands,seeesxupdate queryonpage 18andesxupdate

infoonpage 18.

ThefollowingExample12showstheinformationreturnedwhenyouruntheesxupdate querycommand

onanESX4.0host.

Example 2-2. Example 1-2. query Command Sample Output

Installed software bulletins

-----Bulletin ID---- --Installed-- --------Summary--------

bul_1 2008-07-08T19:55:04 This is the summary

Cisco Swordfish Drop 071420082008-07-19T05:03:22 Swordfish VIB for COS only

NOTE Youcannotrunesxupdateinthecurrentdirectorywithout-mor--bundle.


13/24

VMware, Inc. 13

Chapter 2 Installing Updates

To retrieve information about bulletins in a depot or bundle zip




theserviceconsole.


3 Runtheesxupdateinfocommand.

Toretrievedetailsofallbulletinsinametadatafile:

esxupdate -m info

Toretrievedetailsofspecificbulletinsinadepot:

esxupdate -m -b -b info

Toretrievedetailedinformationonallbulletinsinabundlezip:

esxupdate --bundle info

4 Whenyouaredoneaccessingthedepot,resettheserviceconsolefirewalltohighsecurity.


Forinformationonesxupdatesyntaxandcommands,seeesxupdate infoonpage 18.

ThisExample13showstheinformationreturnedwhenyouruntheesxupdateinfocommandonasingle

installedbulletin.

Example 2-3. Example 1-3. info Command Sample Output

Id - Driver 2

Releasedate - Releasedate - 2008-11-17T11:28:42-07:00

Vendor - VMware, Inc.

Summary - Wonderful driver 2.1

Severity - critical

Category - storageInstalldate -

Description - Self-contained bulletin with one Vib

Kburl - http://kb.vmware.com/selfservice/microsites

Contact - [email protected]

List of constituent VIBs:

cross_driver_2.1-1

Verifying Disk Space

Checkthefollowingrequirementstomakesurethehostsystemhasenoughdiskspace.

The/partitiondirectoryhasatleast50MBoffreespace.

Thediskspaceallocatedtotheserviceconsolehasanamountoffreespacethatistwicethesizeofthe

bulletintobeinstalled.

Beforeinstallingpatches,usethestagecommand.SeeStaginganInstallationonpage 13.

Staging an Installation

Staginganinstallationallowsesxupdatetoperformthefollowingtaskswithoutinstallinganybulletins:

DownloadstheappropriatebulletinsandVIBpackagestothehosttoreducedowntimewhenalarge

numberofupdatesmustbeinstalled

ChecksforVIBsignature


14/24


14 VMware, Inc.

ChecksforVIBandRPMdependencies

Determinesthebulletinorder

DetermineswhichRPMsmustbeinstalled,butdoesnotinstallthem

ThiscommandalsopopulatestheesxupdatecachefortheHTTPandFTPdepotsaswellasbundlezips.Asa

result,whenyouruntheupdatecommand,thedownloadstepcanbeskipped.

To stage an installation1 Fromtheserviceconsole,logontotheESX4.0hostasuserroot.



theserviceconsole.


3 Runtheesxupdate stagecommand.

Torunatestinstallationofallbulletinsinadepot:

esxupdate -m stage

Torunatestinstallationofmultiplebulletinsinadepot:

esxupdate -m -b -b stage

Torunatestinstallationofabundlezip:

esxupdate --bundle stage

4 Whenyouaredoneaccessingthedepot,resettheserviceconsolefirewalltohighsecurity:


Installing Bulletins

You

use

the

esxupdate

update

command

to

install

bulletins.

You

can

install

any

number

of

bulletins

from

one

ormoredepots.Youcaninstalloneormorebundlezipfiles.Thebundlezipfilesareindependentfromany

depotandcanbelocatedonthelocalESXhost,aCDROMdrive,oranyremoteHTTP,NFS,orFTPserver.

Wheninstallingbulletins,keepinmindthefollowingesxupdatebehavior:

IfyoudonotspecifybulletinIDstoinstall,esxupdateinstallsallapplicablebulletinsinthedepot.

IfyouspecifyoneormorebulletinIDstoinstall,thefollowingcanhappen:

Ifnodependenciesexist,esxupdateinstallsonlythosebulletins.

Ifdependenciesexistandaspecifiedbulletinrequiresyoutoinstalloneormoreunspecified

bulletins,youaregiventheoptiontoinstalladditionalpackages.Thesepackagesareinstalledifyou

entery.

Thehost

system

should

have

the

following

space

available

to

ensure

space

for

the

installation:

Aminimumof24MBforthe/tmpand/boot directories.

Aminimumof100MBforthe/rootdirectory.

Ingeneral,theinstallationrequirestwicethesizeofthedownloadedbulletins.

Beforeyouinstallbulletinsorbundlezipfiles,youmustrunthestagecommandtodownloadallpackages,

validatesignatures,andcheckfordependenciesandconflicts.

Duringtheinstallationprocess,esxupdatevalidateseachVIBpackagebyusingasetofsignaturekeys.Ifany

VIBpackageinapatchcontainsamissingorinvalidsignature,esxupdatedoesnotinstallthebulletin.


15/24

VMware, Inc. 15

Chapter 2 Installing Updates

Aftervalidatingthebulletins,esxupdateperformsthefollowingtasksduringtheinstall:

FiltersoutanypackagesthatdonotapplytothecurrentversionESX.

Checksforsoftwaredependenciesandprerequisites,forexample,ifthebulletinisthecorrectESXversion,

ifvirtualmachinesarepoweredoff,andsoon.

Verifiesthedigitalsignaturesofthepackagesineachbulletin.

Checksforadequatediskspace.

RemovesobsoletepackagesfromtheESX4.0host.

Installsthepackages.Packagesinstalledalreadyorsupersededbyanewerinstalledversionarenot

installed.

Updatestheinitrdimage,whichensuresupdateddriversareloadedonESXforthenextboot.

Duringtheinstallation,ifanesxupdatepatchisavailable,theutilityupdatesitself.Iftheinitrdanddriver

configurationsrequirechanges,thechangesaremadeafterallbulletinsareinstalled.

Forinformationoninstallingbulletins,seeInstallBulletinsonanESX4.0Hostonpage 15.Forinformation

oncheckingforpatchdependencies,seeScanningforApplicableBulletinsonpage 11.

Install Bulletins on an ESX 4.0 HostTheinstallationprocessisrecordedintheesxupdate.logfile.Bydefault,thisfileislocatedinthe

/var/log/vmwaredirectory.

To install bulletins on an ESX host

1 Verifythatthehosthasenoughdiskspacetoperformtheinstallation.

SeeVerifyingDiskSpaceonpage 13.




theserviceconsole.


4 Scanthedesiredbulletinstodetermineiftheyareapplicable.

SeeToscanforapplicablebulletinsonpage 12.

5 Runesxupdateupdatecommand.

Toinstallallapplicablebulletinsinthedepot:

esxupdate -m update

Toinstallspecificbulletinsinthedepot:

esxupdate -m -b update

Toinstallallapplicablebulletinsinabundlezip:

esxupdate --bundle update

6 Ifnecessary,rebootthesystem.

NOTE Esxupdateneverrebootsyourhost.


16/24


17/24

VMware, Inc. 17

3

Thischaptercontainsthefollowingsections:

esxupdateOptionsandCommandsonpage 17.

esxupdateExitCodesandErrorMessagesonpage 19.

FrequentlyAskedQuestionsonpage 20.

esxupdate Options and Commands

TheesxupdateutilityisapatchmaintenancetoolforESX.Youuseittoreviewthecontentsofabulletin,

installsoftware,andtrackinstalledsoftware.

YourunesxupdatefromtheESXserviceconsolewhileloggedinasuserroot.Theactivityofthetoolis

recordedintheesxupdate.logfile.Bydefault,thisfileislocatedinthe/var/log/vmwaredirectory.

Toseehelpinformationforesxupdate,runtheutilitywithnoarguments.

Reference Information 3

Table 3-1. esxupdate Options

Option Flag Description

--meta -m Specifiesthelocationofmetadatafileinsideadepot.Canberepeated.AmetadataURLmaypointtoavendorswebsitedirectly,ifvendorsmaketheirupdatesavailableonline,ortoalocallymirroredcopy.Whenyouusethe-m flagwithoutthe-b flag,esxupdateselectsallthebulletinsinthemetadata.Forexample:

(HTTP): esxupdate -mhttp://downloads.vmware.com/vi4/update1-metadata.zip -m

http://updates.dvs.cisco.com/fake/esx4/metadata.zip

(HTTPS): esxupdate -mhttps://downloads.vmware.com/vi4/update1-metadata.zip -m

https://updates.dvs.cisco.com/fake/esx4/metadata.zip

(FTP): esxupdate -m ftp:///esx/vi4/metadata.zip-b VMW_ESX4_Patch1

(NFS):esxupdate -m file:///var/updates/esx4/metadata.zip

-b |

-b Specifiesoneormorebulletins.Ifnotspecified,allbulletinsarehandled.Mustbecombinedwiththe-mor--bundleoptions.Useone-bflagforeachbulletintoinstall.Forexample:

esxupdate m esxupdate -b ESX350-200802055-BG -b

ESX350-200803066-SG

--bundle

Specifiesthelocationofanofflinebundlezip. esxupdatedownloadsandunpacksthezip.Canbeusedwith-boptiontoselectbulletinswithinthebundlezip.Canberepeated.Usewiththescan,info,stage,updatecommands.Forexample:

esxupdate --bundle scan

--http_proxy

:

UseatforHTTPconnections.


18/24


18 VMware, Inc.

esxupdate Commands

--all Listsallthebulletinsinmetadataorbundlezips,insteadofjusttheapplicableones.Usethisoptionwiththeesxupdatescancommand.

--loglevel

Changesthelevelofdetailwrittentotheesxupdate.logfile.Possiblevaluesareasfollows:

orDEBUGDebugginginformation

orINFODetailedInformation orWARNINGWarning

orERRORError

--nocache TheesxupdateupdatecommandusesitscacheofalreadydownloadedVIBsifpossible,buttherearetimeswhenthecachecanbecomestale.Usethe--nocacheoptiontoforceesxupdateupdatetoalwaysdownloadallVIBs.

--retry SpecifiesthenumberoftimestoretryaconnectiontoanHTTP,HTTPSorFTPserver.Thedefaultvalueisdefinedinthe[defaults]sectionofesxupdate.conf.Ifyouenteraspecificvaluethedefaultvalue5isoverridden.Forexample,ifyouenter7,itsupersedes5andesxupdatetriestoreconnecttoanHTTP,HTTPSorFTPserverseventimesincaseofabrokenconnection.

--timeout SpecifiestheamountoftimetowaitwhenconnectingtoorreadingfromanHTTP,HTTPS,FTPserverorproxy.

Table 3-1. esxupdate Options (Continued)

Option Flag Description

Table 3-2. esxupdate Commands

Command Description

esxupdate info Displaysinformationaboutbulletins,includingabriefsummary,andbuildandinstalltimes.ThiscommandretrievesthebulletindefinitionsfromthemetadataorthepatchdatabaseontheESXhost(/etc/vmware/esxupdate).SeeRetrievingBulletinInformationonpage 12.

Syntax for bulletins in a depot:

esxupdate -m meta1URL -b bulletinID [-b bulletin2 ...] info

esxupdate --bundle bundleZipURL [-b bulletinID [-b bulletin2 ...]] info

Syntax for bulletins in the patch database:esxupdate -b installed-bulletinID info

esxupdate query Returnsalist,ininstallorder,ofallbulletinsinstalledontheESXhost.SeeToretrieveinformationaboutinstalledbulletinsonpage 12.

Syntax

esxupdate query

esxupdate scan Returnsalistoftheapplicablebulletinsinadepotmetadataorinabundlezip.Usewith--alloptiontoreturnalistofallbulletins.SeeScanningforApplicableBulletinsonpage 11.Syntax

esxupdate [--meta ] [--bundle ] [--all]] scan

esxupdate stage DownloadstheappropriateVIBsfortheselectedbulletins,preloadstheesxupdatedepotcacheforHTTPandFTPservers,andchecksforVIBandRPMdependencies.Forexample:

esxupdate -m stageSeeStaginganInstallationonpage 13.

esxupdate update Checksthespecifiedbulletinsfordependencies,checkstheESXhostfordependencies,determineswhichbulletinstoinstall,andinstallsthemontheESXhost.SeeInstallBulletinsonanESX4.0Hostonpage 15.

Syntax

esxupdate -m https://meta1.zip [-m https://meta2.zip ... ] [-b bulletinID1

[-b bulletinID2 ... ]] update

esxupdate --bundle https://offline-bundle.zip [-b bulletin1 [-b bulletin2

... ]] update


19/24

VMware, Inc. 19

Chapter 3 Reference Information

esxupdate Exit Codes and Error Messages

Table 3-3. esxupdate Error Codes and Error Messages

Exit Code Error Message Explanation and Workaround

0 Commandcompletedsuccessfully.

1 Notroot.esxupdatemustbeenteredastherootuser.

2 Invalidcommand

line

syntax

or

arguments.

3 LockingError Cannotacquirelock.Anotheresxupdateisrunning.

4 MetadataDownloadError Downloadingorextractionofdatafailed.VerifythatthecorrectURLwasspecified,andisreachable.Useesxcfg-firewalltoopenadditionalports.IfthetargetURLorfilehasbeencopiedfromanothersource,verifythatithasbeencopiedcorrectly.

5 MetadataFormatError

7 VibDownloadError

26 BundleDownloadError

27 BundleFormatError

8 VibFormatError NotaVIBarchive,missingfiles,filesinwrongorder,descriptor.xmlinvalid.

9 VibIOError Indicatesanerrorreadingorwritingfilestoorfromlocal

storage.Verify

that

adequate

free

space

exists

on

mounted

filesystems.10 FileIOError

11 DatabaseFormatError vibs.xmlnotavalidXMLfile.Bulletinszipnotaziparchive.Invalidstructureineitherfile.

13 NoMatchError VIBorBulletinIDnotinmetadata,orrequestedVIBsorbulletindonotapplytohostplatform(stage,updateonly).

14 DependencyError esxupdatewasunabletoresolvedependencies.ThisconditionisduetoconflictsbetweenanyoftherequestedVIBs,requireddependenciesandthehost,packagesonthehostobsoletingreqestedVIBsortheirrequirements,orduetooneormorerequirementsnotbeingfoundinthemetadata(stage,updateonly).ThisconditionisdifferentfromUnsatisfiedDependencies.

15 PackageManagerError RPMoripkgtransactionfailed.

18 MaintenanceModeError ESXhostisnotinmaintenancemodewhenitmustbe,orhostdisdown.Maintenancemodecannotbedetermined.

19 PostScriptError Apostscriptexitedwithanonzerostatus.

20 VibSigMissingError OneormoreVIBscontaininvalidoruntrustedsignaturedata. Ifthedatahasbeencopiedfromanothersource,verifythatithasbeencopiedcorrectly.Verifythatthehostdateissetcorrectly. Ifproblemspersist,contactVMwareSupport.

21 VibSigVersionError

22 VibSigFormatError

23 VibSigInvalidError

24 VibSigDigestError

25 UnsatisfiedDependencies AdditionalVIBsarerequiredforinstallation,andtheuser

declinedtoinstallthem.ThisconditionisspecificallydifferentfromDependencyError. Whiledependenciesweresuccessfullyresolved,theycouldnotbeautomaticallyinstalledduetouserinput(CLI)orfailureofthecallertospecifyrequiredVIBsonthecommandline(HAorCLI).

80 Notanerror.Thesystemmustberebootedtocompletetheupdate.


20/24


20 VMware, Inc.

Frequently Asked Questions

WhenanRPMonmyESXhosthasaLinuxequivalent,canIusetheLinuxRPMtoupdatemysystem?

No.VMwarerecommendsthatyouupdateyourESX4.0hostwithRPMssuppliedbyVMware.

CanIremoveinstalledVMwarepatchesfrommyESXhost?

No.Patchescannotberemovedaftertheyareinstalled.

ShouldthebuildnumberoftheESXhostchangeafterIapplyapatch?

ItisnormalforsomeportionsoftheESX4.0softwareinstallationtochangebuildnumberswhenpatchesare

applied.ForinformationondeterminingthebuildnumberforeachofthecomponentsofyourESX

installation,seetheVMwareknowledgebasearticle,KB1001179.
http://kb.vmware.com/kb/1001179http://kb.vmware.com/kb/1001179http://kb.vmware.com/kb/1001179http://kb.vmware.com/kb/1001179


21/24

VMware, Inc. 21

4

ThissectiondescribesthreepatchmanagementtoolsthatVMwareprovidesinadditiontotheesxupdate

utility:

AboutVMwarevCenterUpdateManager

AboutvSphereHostUpdateUtility

AboutvihostupdatevSphereCLI

Youcanaccessthemostcurrentversionsofthedocumentationforeachtoolbygoingto

http://www.vmware.com/support/pubs.

YoucanfindinformationabouttheVMwareUpgradeandUpdatePolicybygoingtohttp://www.vmware.com/support/policies/upgrade.html.

About VMware vCenter Update Manager

VMwarevCenterUpdateManagerisanoptionalmoduleforvCenterServerthatperiodicallydownloads

patchinformationfromtheInternet.UpdateManagerperformsuserdefinedscanoperationsonESX4.0and

ESXi4.0hostsforpatchcompliance.Ifitdeterminesapatchisrequired,VMwarevCenterUpdateManager

downloadsthepatchandinstallsitbasedonuserdefinedconfigurations.VMwarevCenterUpdateManagercanperformscanandinstallationoperationswithlatestpatchesinanairgaporsemiairgapenvironmentthat

hasnoInternetaccess,byusingasharedrepository.TheUpdateManagerpluginisanoptionalfeaturethat

requiresvSphereClient.

TheVMwarevCenterUpdateManagerdocumentationconsistsofreleasenotes,anadministrationguide,and

onlinehelpintegratedwiththeVMwarevCenterUpdateManagervSphereClientplugin.

About vSphere Host Update Utility

YoucanusevSphereHostUpdateUtilitytopatchESXi4.0hosts.vSphereHostUpdateUtilityfindsapplicable

patchesandenablesyoutoinstallthem.YouhavetheoptiontoinstallvSphereHostUpdateUtilitywhenyou

installthevSphereClient. Bydefault,theutilityisnotinstalled.

ThevSphereHostUpdateUtilityisdocumentedinthevSphereUpgradeGuide.About vihostupdate vSphere CLI

ThevihostupdatevSphereCLIcommandcanscanESX/ESXihostsforinstalledpatches,enforcesoftware

updatepolicies,andinstallsoftwarepatches.ItcanperformsoftwareupdatestoESX/ESXiimagesandinstall

andupdateESX/ESXiextensionssuchasVMkernelmodules,drivers,andCIMproviders.ForESX/ESXi4.0

hosts,runvihostupdate.ForESX/ESXi3.5hosts,runvihostupdate35.

SeethevSphereCLIInstallationandReferenceGuideandthevSphereUpgradeGuide.

ESX Patch Management Tools 4
http://www.vmware.com/support/policies/upgrade.htmlhttp://www.vmware.com/support/policies/upgrade.html


22/24


22 VMware, Inc.


23/24

VMware, Inc. 23

Index

Bbulletinsabout extracting 11

about installing 14

installing 15

querying bulletins in a depot 13

querying installed bulletins 12

retrieving RPM details 13

scanning 11, 12

test install 13

verifying installation 16

Ccustomizing patching, about 9

D

depots

querying bulletins 13

disk space

requirements 13

E

error messages 19

esxupdate

--all option 18

-b option 17

exit codes and error messages 19

info operation 18

--loglevel option 18

query operation 18

scan operation 18

stage operation 18

update operation 18

esxupdate utility

about 7

commands 17, 18options 17

Exit codes 19

F

frequently asked questions 20

I

info command

about 18

sample output 13

installation

disk space 13

verifying 16

installed bulletins

listing 12

P

patching

customizing 9

strategy 8

patching tools

vihostupdate vSphere CLI 21

VMware vCenter Update 21

vSphere Host Update Utility 21

Q

query command

about 18

sample output 12

R

roll-ups

about installing 14

installing 15

RPM packages

retrieving details 13

S

scan command

sample output 11

scanning bulletins 12

about 11

T

test install, running 13

U

update command

about 18

V

vihostupdate vSphere CLI 21

VMware vCenter Update 21

vSphere Host Update Utility 21


24/24


esx4 patch management guide

Documents